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Application No.: 10/734,028 

Office Action Dated: December 24, 2008 

REMARKS 

This is a full and timely response to the non-final Office Action mailed December 24, 

2008. Reconsideration and allowance of the application and presently pending claims are 
respectfully requested. 

Telephone Conversation With Examiner 

Examiner Johnson is thanked for the telephone conversation conducted on February 25, 

2009. Proposed claim amendments were discussed. Cited art was discussed. No agreements 
were reached. 

Present Status of Patent Application 

Claims 2-4, 7-12, 14, 16, 18-21, 23, and 25-36 are pending in the present application. 
Specifically, claims 2-4, 7-12, 14, 16, 18-21, 23, and 25-30 have been currently amended without 
adding new matter; claims 1,5,6, 13, 15, 17, 22, and 24 have been canceled without prejudice, 
waiver, or disclaimer; and claims 31-36 are new claims submitted without introduction of new 
matter. Reconsideration and allowance of the application and presently pending claims are 
respectfully requested. 

Claim Rejections under 35 U.S.C. §112 
Statement of the Rejection 

Claims 1, 19 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with 
the written description requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to reasonably convey to one skilled in the relevant 
art that the inventor(s), at the time the application was filed, had possession of the claimed 
invention. 

For claims 1, 19 there is no disclosure for the term, "publicly available" in the claim 
limitation: "publicly available to any entity including the second entity"... 
Response to the Rejection 
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Applicants respectfully traverse the Office action allegation that "the specification only 
states that the code ID is well known to the second entity and not publicly available (known to 
"all entities ")." In contradiction to this allegation, attention is drawn to paragraph [0040] of 
Applicants' specification wherein it is disclosed: "As should be appreciated, and again, (1) 
arises from the certificate chain attached to the digital signature of the attestation message 20, 
and (2) arises from the public knowledge of each code ID 16 for the first entity 10 and whether 
such first entity 0 as represented by such code ID 16 is trustworthy." (Emphasis added). 

Notwithstanding this traversal, Applicants have opted to cancel claim 1 and have also 
deleted the objected term from claim 19. Consequently, Applicants request withdrawal of the 
rejection under 35 U.S.C. 112, followed by allowance of these claims. 

Claim Rejections under 35 U.S.C. §102 
Statement of the Rejection 

Claims 1-14, 17-27, 29, 30 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Yan etal. (USPGPUBNo. 20050033987). 
Response to the Rejection 
Claims 1, 5, 6, 13, 17, 22 and 24 

Applicants have opted to cancel claims 1, 5, 6, 13, 17, 22 and 24 and respectfully submit 
that the rejection of these claims has been rendered moot as a result of the cancellation. 
Claims 2-4, 7-12, 14, and 18 

Applicants have amended claims 2-4, 7-12, 14, and 18 to be directly or indirectly 
dependent on new claim 31, which is allowable for reasons provided below. Consequently, 
claims 2-4, 7-12, 14, and 18 are allowable by law arising from claim dependency from an 
allowable claim. For at least this reason, Applicants hereby request withdrawal of the rejection 
followed by allowance of these claims. 

Claim 19 

Applicants have amended claim 19 to be directly dependent on amended claim 30, which 
is allowable for reasons provided below, thereby making claim 19 allowable as well. For at least 

Page 12 of 19 



DOCKET NO.: MSFT-2795 (305124.1) PATENT 

Application No.: 10/734,028 

Office Action Dated: December 24, 2008 

this reason, Applicants hereby request withdrawal of the rejection followed by allowance of 
claim 19. 

Claims 20, 21, 23, 25-27, and 29 

Applicants respectfully submit that claims 20, 21, 23, 25-27, and 29 are allowable for 
several reasons. One amongst these several reasons is because each of these claims is now 
dependent, directly or indirectly, on amended claim 30, which is allowable for reasons provided 
below. Consequently, Applicants respectfully request withdrawal of the rejection followed by 
allowance of claims 20, 21, 23, 25-27, and 29. 

Claim 30 

Applicants respectfully traverse the rejection of the claim for the following reasons. (It 
may be pertinent to point out that claim 30 has been currently amended so as to place it in 
independent form.) 

As is known, a proper rejection under 35 U.S.C 102 necessitates that the cited prior art 
reference must teach every aspect of the claimed invention with no question of obviousness 
bcinu present . Applicants respectfully submit that the current rejection of claim 30 under 35 
U.S.C 102 fails to satisfy this requirement because the cited prior art of Yan fails to 
unambiguously disclose each aspect of the claim. 

Specifically, with reference to claim 30, attention is drawn to page 21 of the Office action 
wherein the claim has been rejected based on "7a« paragraph [0065], lines 9-15: attestation 
information (wanted-message) formatted in a negotiated format.'''' However, contrary to 
requirements under 35 U.S.C. 102, no details have been provided as to how Yan's lines 9-15 
actually disclose anticipatory elements corresponding to Applicants' claim elements (e.g., "a 
can-attest message" and "an attestation-wanted message" sent in response thereof). 

Applicants respectfully submit that such an omnibus allegation fails to satisfy pertinent 
guidelines provided in MPEP 706 "Rejections of Claims [R-5]," which state: "The goal of 
examination is to clearly articulate any rejection early in the prosecution process so that the 
applicant has the opportunity to provide evidence of patentability and otherwise reply completely 
at the earliest opportunity." 
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In addition to the guideline reproduced above, MPEP 760 provides an additional 
guideline that states: "Although the part of the Manual explains the procedure in rejecting 
claims, the examiner should never overlook the importance of his or her role in allowing claims 
which properly define the invention". 

Applicants respectfully submit that in the present instance, the Office action not only fails 
to satisfy the nobler guideline of providing some indication of allowable subject matter (which 
Applicants believe to reasonably exist in light of Yan) but further fails to provide distinct, 
unambiguous reasons for rejecting the claim, thereby denying Applicants a fair opportunity to 
provide evidence of patentability. 

To further elaborate on the impropriety of the rejection, attention is drawn to the 
following remarks made in the MPEP: 

1) "USPTO personnel should begin claim analysis by identifying and evaluating each claim 
limitation." (MPEP § 2106 II. C), 

2) "Once USPTO personnel have concluded the above analyses of the claimed invention under 
all the statutory provisions . . . they should review all the proposed rejections and their bases to 
confirm that they are able to set forth a prima facie case of unpatentability." (MPEP § 2106 
VII), and 

3) USPTO personnel should then "clearly communicate findings, conclusions and their bases." 
(MPEP §2106 VII). 

4) "The goal of examination is to clearly articulate any rejection early in the prosecution process 
so that the applicant has the opportunity to provide evidence of patentability and other wise 
reply completely at the earliest opportunity." (MPEP § 706). 

5) "The pertinence of reference, if not apparent, must be clearly explained and each rejected 
claim specified." (emphasis added) (37 § CFR 1.104 (c)(2), MPEP 706). Furthermore, the 
examiner bears the burden of proof to show patent invalidity. See In re Caveney, 761 F.2d 
671, 674 (Fed. Cir. 1985). Such proof must amount to a preponderance of the evidence to 
warrant rejection of claims. Id. 
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In the present instance, the Office Action fails to unambiguously point out what elements 
in Yan are allegedly equated to the claimed subject matter of claim 30. It is therefore respectfully 
asserted that the burden to clearly articulate the rejection per MPEP has not been met. 

Notwithstanding the shortcomings identified above, Applicants have opted to elaborate 
on various aspects of Applicants' claim 30 that are distinctly different in comparison to Yan. 

Yan's paragraph [0065] discloses a message 314 that is transmitted when a change in 
"integrity metrics'" (hardware/software changes) happens within a trustee's computing platform. 
Message 314 is transmitted because "condition changes 312 within the trustee's computing 
platform pose a threat to the trust gained by the trustor through confirmation JOS." In other 
words, Yan's message 3 14 disclosed in the cited paragraph [0065] occurs after attestation has 
been carried out . 

In contrast to Yan's paragraph [0065], Applicants' claim 30 recites a can-attest message 
that is voluntarily sent ( prior to any attestation that may occur subsequently) from a second 
computer entity (e.g. a client) to a first computer entity (e.g. a server) enquiring if attestation is 
required and if so, what are the requirements for an attestation message. 

In response to this voluntary "can-attest" message, the first computer entity returns an 
"attestation-wanted" message that outlines the requirements for the attestation message. Yan fails 
to disclose these two pre-attestation messages. 

It may be further pertinent to draw attention to Yan's paragraph [0060] which discloses 
the establishment of trust in a challenge-response format ("it sends the in tegrity metrics, e.g., 
certificate chain (Ch w , Ca), to the remote server as part of the response to the challenge depicted 
in path 222 ") (Emphasis added). Applicants' attestation process (recited in claim 19) is carried 
out subsequent to Applicants' pre-attestation information exchange cited in claim 30 (voluntary 
" enquiry-provide info " format versus Yan's " challenge-response " format). 

To summarize: 

1) Yan's message 314 of paragraph [0065] does not anticipate Applicants' "can-attest" 
and "attestation- wanted" messages. (Moreso, Yan's single message does not 
reasonably anticipate Applicants' two messages - improper for a rejection under 35 
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U.S.C. 102), 

2) Yan does not teach Applicants' enquiry message "can-attest" message (^'stating that 
the first computer entity can send an attestation message but that the first computer 
entity would like to know from the second computer entity whether such an attestation 
message is required by such second computer entity and if so any requirements that 
such second computer entity has with regard to such attestation message .") 

3) Yan's "challenge message" (assuming arguendo that such a challenge message is 
interpreted as a "can-attest" message) originates in a server device while Applicants' 
"can-attest" enquiry message originates in a client device. 

For at least the reasons described above, Applicants respectfully submit that the current 
rejection of claim 30 under 35 U.S.C. 102 is improper and hereby request withdrawal of the 
rejection followed by allowance of the claim. 

Claim Rejections under 35 U.S.C. S103 

I. Statement of the Rejection 

Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over Yan in view of 
Qui (USPGPUBNo. 20040148505). 
Response to the Rejection 
Claim 15 

Applicants have opted to cancel claim 15 and respectfully submit that the rejection of this 
claim has been rendered moot as a result of the cancellation. 

II. Statement of the Rej ection 

Claims 16, 28 are rejected under 35 U.S.C. 103(a) as being unpatentable over Yan in 
view ofGrawroch (US PGPUB No. 20040117625). 
Response to the Rejection 
Claims 16 and 28 
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Applicants respectfully submit that claims 16 and 28 are at least allowable by law arising 
from dependency on allowable claims 3 1 and 30 respectively. Consequently, for at least this 
reason, Applicants respectfully request withdrawal of the rejection under 35 U.S.C. 103(a) 
followed by allowance of claims 16 and 28. 

Remarks pertaining to new claims 31-36 

Applicants respectfully submit that new claims 31-36 are allowable over the cited 

references. Specifically, independent claim 3 1 recites "transmitting an attestation message from 

a first computer entity to a second computer entity, the attestation message including a code 

identifier (code ID) that is calculated by using a security ID corresponding to a behavior 

parameter that is associated with a computing operation having security implications " 

(emphasis added). This aspect has been disclosed in various portions of Applicants' 

specification. For example, paragraph [0027] discloses: 

In particular, if the first entity 10 wishes to modify its security environment such as for 
example by reading in a file, opening a debugging port, and the like, such first entity 10 is 
itself responsible for doing so. However, if a developer developing the first entity 10 
wishes to have a particular behavior parameterized, and the parameter has security 
implications (e.g. open a different file based on program input, or debug based on 
program input) then the parameter can be placed in the id 1 8 and the first entity 10 can be 
written to refer only to the id 1 8 for the parameter. Thus, although the parameter could 
potentially be modified within the id 1 8 by a nefarious entity, the modified id 1 8 will 
cause the calculated code ID 16 to change, where such change can be interpreted by an 
interested party such as the second entity 12 as an indication that the first entity 10 should 
not be trusted. (Emphasis added). 

In contrast to Applicants' security ID (ID 18 of Fig. 2) that is used pre-emptively (before 
security failure) for calculating a code ID for transmission during "normal" as well as "after a 
security breach" (the change being indicative of the breach), Yan reports hardware/software 
changes only after the changes have occurred (paragraph [0065]), presumably as a result of a 
failure/security breach. 

Furthermore, Yan does not use his "integrity metrics" to calculate a code ID, in contrast 
to Applicants' claim 3 1 wherein a behavior parameter i.e. the security ID (Fig. 2, id 1 8 stored in 
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computing device 14) is used for calculating (Fig. 2, code ID calculator 22, paragraph [0028]) 
the code ID (16, Fig. 2). It may be also significant to point out (in light of Yan) that any changes 
in security are detected by the second entity 12 (validity of code ID). In contrast, Yan depends on 
a first entity (trustee) voluntarily providing security related information. 

Consequently, for at least the reasons outlined above, Applicants respectfully submit that 
claim 3 1 is allowable over Yan as well as the other cited references. 

Applicants' claims 33 and 34 cite specific instances of behavior parameters that are 
deemed security-related (paragraph [0027]: "a developer developing the first entity 10 whishes to 
have a particular behavior parameterized, and the parameter has security implications (e.g. 
open a different file based on program input, or debug based on program input) then the 
parameter can be placed in the id 18 and the first entity 10 can be written to refer only to the id 
18 for the parameter") 

Applicants' claims 32 cites a security ID stored in a location as shown in Applicants' Fig. 
2 (id 18) stored in computing device 14 and described in paragraph [0027] reproduced above. 

Cited Art Made of Record 

The cited art made of record has been considered, but is not believed to affect the 
patentability of the presently pending claims. 
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CONCLUSION 

Applicants respectfully submit that pending claims 2-4, 7-12, 14, 16, 18-21, 23, 25-36 are 
allowable. Favorable reconsideration and allowance of the present application and all pending 
claims are hereby requested. If, in the opinion of the Examiner, a telephonic conference would 
expedite the examination of this matter, the Examiner is invited to call the undersigned 
representative. 



Date: March 24, 2009 /Joseph F. Oriti/ 

Joseph F. Oriti 
Registration No. 47,835 

Woodcock Washburn LLP 
Cira Centre 

2929 Arch Street, 12th Floor 
Philadelphia, PA 19104-2891 
Telephone: (215) 568-3100 
Facsimile: (215) 568-3439 
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